Antivirus recognition of a manuscrit linked to Zotero bibliography

I have an issue for some weeks now and begin to have some clues but need your help to finally solve it.
I am working on a manuscript in Word with Zotero. One day, when I copied a part of a text I wrote from another Word file into my manuscript, my antivirus (Kaspersky but not Windows defender) detected a Trojan in my manuscript. So my doc was deleted and place into quarantaine. As you may imagine I was desperate at that moment!

I manage to recover my file and had to work as a RTF document to be able to continue writing my document. I ask for help of my IT service to solve this issue but couldn't really identify the issue, only help me continue. At that point I thought it was the websites links I add in my documents but after desactivation of all of them I still had my issue.

After finishing my manuscript I unlinked the zotero citations from my RTF file to share it. And I was able to save it again to Word document and work on it without any issue with my antivirus. So I thought that was only 1 ref that was linked to a trojan or something like that. Today, I was going fishing that nasty ref. To do so I splited my manuscript into 3 part (RTF file): section 1, section 2 and tables. Some refs are in those 3 parts and some not so I thought I could narrow down the possibilities by doing so. When I saved each of this split parts of my manuscript into Word document my antivirus doesn't detect any trojan anymore. When I go back to the file I used to split and convert it into Word document, this time the antivirus detect the Trojan.

So now I am a bit lost. It seems like it is not one nasty ref that activate the antivirus but all the bibliography together. I have 523 refs so maybe it is too many for the software of something like that? What do you think? Is there really a Trojan somewhere? Is the document with unliked citation dangerous?

Thanks for your help.
  • While technically infected word document's is a possibility, Zotero or Zotero inserted citations certainly do not have any malware in them. This is 99.9% certainty case of anti-virus software misbehaving and finding false-positives. There's little we can recommend besides either deactivating Kaspersky or working on a different machine.

    I'm not sure what you're saying about RTF files though. If you save word documents as RTF and cite with Zotero in them, after closing and reopening the file in Word all citations will be unlinked, since the RTF file format does not support storing fields. Once saved as RTF and citations are unlinked, there's nothing but plaintext in the document, so that should never trigger a security software unless its misbehaving in a very extreme manner.
  • OK

    About RTF file I was just saying that I was able to continue working on my document (write and add citations) compared to Word document for which Kaspersky react and block instantaneously.
    At some point I manually unliked citations on my RTF file using the button on the Zotero addon on word software and by doing so I was able to save and open again my manuscript in WORD document. That is why I am sure that my issue is linked to my zotero bibliography. As you said, a few people I talked to also told me that it may be a warning of Word software to the antivirus for no good reason, maybe just the number of refs it doesn't like.
  • edited July 7, 2020
    There is another possibility. The Word program can have documents that contain malicious macros. Perhaps the Word document you copied to your manuscript contained such a macro.

    This has nothing to do with your bibliography items. Unless, and this is far fetched, you have URLs in your references and Kaspersky is following the URL to a site that has malware. I haven't used KL software in 7 or 8 years. At that time there were discussions about implementing a URL follow option but I have no idea if that was added to the software.

    With the current state of technology it is _impossible_ for Zotero to add a reference containing a virus from the Zotero program. Zotero inserts _text_ into your document. Zotero isn't inserting executable files.
Sign In or Register to comment.